diff --git a/backend/onyx/auth/schemas.py b/backend/onyx/auth/schemas.py
index 51983dd3e00e..f2a4ef8a07a3 100644
--- a/backend/onyx/auth/schemas.py
+++ b/backend/onyx/auth/schemas.py
@@ -49,4 +49,6 @@ class UserCreate(schemas.BaseUserCreate):
 class UserUpdate(schemas.BaseUserUpdate):
-    role: UserRole
+    # Role updates are not allowed through the user update endpoint for security reasons
+    # Role changes should be handled through a separate, admin-only process
+    pass
diff --git a/backend/onyx/auth/users.py b/backend/onyx/auth/users.py
index eb337da90be5..86556bfe8d11 100644
--- a/backend/onyx/auth/users.py
+++ b/backend/onyx/auth/users.py
@@ -252,7 +252,6 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
         if not user.role.is_web_login() and user_create.role.is_web_login():
             user_update = UserUpdate(
                 password=user_create.password,
-                role=user_create.role,
                 is_verified=user_create.is_verified,
             )
             user = await self.update(user_update, user)
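Review bot: With `role` removed, `UserUpdate` is an empty subclass holding two comments and a `pass`; a class docstring would carry the same rationale and drop the `pass`, e.g. a short docstring stating that `role` is deliberately absent because a self-service update must never change privilege, and that role changes go through the admin-only path. Because the field is gone from the schema rather than rejected, a request body that still carries `role` is presumably ignored silently instead of failing validation (pydantic's default extra-field handling) — if such attempts should be visible to operators, consider forbidding extra fields on this schema so they surface as 422s that can be logged. The fields inherited from `BaseUserUpdate` (`is_superuser`, `is_active`, `is_verified`) are not visible in this hunk; whether the update route applies them under fastapi-users' safe mode, which strips them for non-superusers, should be confirmed rather than assumed. A regression test that submits `role` on the self-update endpoint and asserts the stored role is unchanged would pin this fix.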
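Review bot: The guard on the first line still keys on a role transition (`not user.role.is_web_login() and user_create.role.is_web_login()`), but the `UserUpdate` built under it no longer carries `role`, so `self.update(user_update, user)` now changes only the password and `is_verified` while the user keeps the non-web-login role; unless the role is assigned elsewhere (the enclosing method continues outside the hunk), the promotion this branch exists for is no longer applied. If the role change is intentionally made on a separate path, say so at the construction site, e.g. `# role is set separately: UserUpdate no longer carries it (see <admin-only role update path>)`, so the next reader does not take the branch for a no-op bug. If it is not, the branch needs to set the role through a path that does not go via the public update schema — confirm against the caller.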